DivvyHQ’s Essential Standard Requirements Areas

Overview

Alluresoft, LLC, dba DivvyHQ, takes security, privacy, data governance, compliance, availability, performance and interoperability very seriously. We understand that our customers have entrusted DivvyHQ with not only their data and keeping their data secure. We also understand that our customers expect our platform to have a high availability, perform well, and have the proper redundancies in place.

The Divvy Details

Security

DivvyHQ’s platform is only accessible over SSL. From the point of entry (login) to the point of exit (logout), all actions are sent over HTTPS. DivvyHQ limits access to core systems to engineers and analysts. Access is granted via individual SSH keys and access can be revoked within a matter of seconds. DivvyHQ guards against the threat of disruption of service (eg - DDoS) by utilizing CloudFlare. DivvyHQ understands the inherent risks of a multi-tenant platform and has adopted industry standards with regards to how our platform provides the end-user with the appropriate data.

DivvyHQ applies Zero Day patches on the day a patch is made available. Routinely, all software on our servers are updated to the latest stable versions. DivvyHQ relies on our Intrusion Detection System for alerting in the event of unauthorized activity. In the unlikely event of a security breach, we have in place an Incident Response Plan, which will be followed to help mitigate the effect to us and our customers.

Privacy

DivvyHQ assumes full responsibility for the privacy of our customer’s data while within our platform. Being a multi-tenant platform, we take the appropriate industry standards for data protection. As a customer of DivvyHQ, we ensure that your data is never viewed by somebody that shouldn’t have access. As appropriate, DivvyHQ follows appropriate regional standards for privacy (eg - EU Safe Harbor[1]); however, these regional standards are handled on a case-by-case basis, and as needs arise.

Data Governance

DivvyHQ is the source of truth for many of our customers, from planning to content generation. To that end, we shall use customer data to help end users make better decisions, produce better outcomes and analyze their content’s performance. The data that makes up these metrics and reports are solely owned by the customer. However, DivvyHQ does retain the right to use customer data, in an anonymous fashion and as long as the customer is still a customer of DivvyHQ, to analyze industry and platform trends.

Compliance

DivvyHQ takes compliance very seriously and addresses the needs of the customer on a case-by-case basis. As appropriate, industry or geopolitical-specific standards arise (eg - FINRA) and will be taken into account. Nevertheless, DivvyHQ makes no promise that we can or will adhere to every possible standard. DivvyHQ follows industry best practices with regards to data security and privacy, which allows us to overlap many of the industry or geopolitical-specific standards that exist. DivvyHQ also understands the need for certain enterprise-specific standards (eg - SSO) and will work on a case-by-case basis to find, or build, an appropriate solution.

Availability

DivvyHQ, excluding regularly planned maintenance or downtime, aims for an availability of 99.8%, which correlates to one hour of unplanned downtime[2] per 30 calendar days. Important, nonrecoverable services (ex: databases) are encrypted and downloaded outside of Amazon Web Services (AWS), our hosting vendor. Our platform code is backed up outside of AWS and is available within minutes if Github were to become unavailable. In the very unlikely event of a catastrophic disruption to AWS, DivvyHQ has a Disaster Recovery Plan in place for restoration of service. In the event of DivvyHQ becoming insolvent, customers will be given appropriate notice and will be provided specific steps for retrieving their data from DivvyHQ’s platform.

Performance

DivvyHQ utilizes CloudFlare as a CDN for all of our served content. Hosting is provided by Amazon Web Services (AWS), which allows us to scale to meet platform demands. We utilize many different monitoring tools to help us understand the current state of our platform and make refinements, as appropriate. DivvyHQ also takes redundancy seriously. Important, nonrecoverable services are replicated across different availability zones within AWS. Our platform code is stored within Github and can be retrieved and re-deployed within minutes of a disruption.

Interoperability

DivvyHQ has integrations with various third-party platforms (eg - Twitter) and we will continue to build new integrations as customer needs dictate. We also offer an API to our Enterprise customers, which shall allow our customers to handle unsupported integrations on their own.

This document does not, and is not intended to, cover all of the possible ways that DivvyHQ protects our customers or their data. DivvyHQ is constantly evolving and making changes to our platform on a regular cadence. We strive to produce an excellent user experience and follow industry standards where they are available. If we ever encounter something that doesn’t have a precedent defined, we take it upon ourselves to establish a solution that keeps the integrity of our platform and the integrity of our customers’ data intact.